Skip to content

🔑 āļāļēāļĢāļ•āļąāđ‰āļ‡āļ„āđˆāļē SSL Certificate ​

āļ āļēāļžāļĢāļ§āļĄ â€‹

Nextcloud NAS āđƒāļŠāđ‰ Let's Encrypt SSL Certificate āļœāđˆāļēāļ™ certbot

āļĢāļēāļĒāļāļēāļĢāļ„āđˆāļē
ProviderLet's Encrypt
Domaincloudcdm.contentsdigital.us
ExpiryOct 2, 2026
Auto-Renew✅ Enabled

āļāļēāļĢāļ‚āļ­ Certificate āļ„āļĢāļąāđ‰āļ‡āđāļĢāļ â€‹

bash
sudo certbot --nginx -d cloudcdm.contentsdigital.us --non-interactive --agree-tos --email [email protected]

āļ•āđˆāļ­āļ­āļēāļĒāļļ Certificate ​

bash
# āļ•āļĢāļ§āļˆāļŠāļ­āļšāļ§āļąāļ™āļŦāļĄāļ”āļ­āļēāļĒāļļ
sudo certbot certificates

# āļ—āļ”āļŠāļ­āļšāļāļēāļĢāļ•āđˆāļ­āļ­āļēāļĒāļļ (dry run)
sudo certbot renew --dry-run

# āļ•āđˆāļ­āļ­āļēāļĒāļļāļˆāļĢāļīāļ‡
sudo certbot renew

# āļĢāļĩāđ‚āļŦāļĨāļ” nginx āļŦāļĨāļąāļ‡āļ•āđˆāļ­āļ­āļēāļĒāļļ
sudo systemctl reload nginx

Auto-Renewal Timer ​

bash
# āļ•āļĢāļ§āļˆāļŠāļ­āļš systemd timer
systemctl status certbot.timer

# āđāļŠāļ”āļ‡ timer āļ—āļąāđ‰āļ‡āļŦāļĄāļ”
systemctl list-timers | grep certbot

Certificate Path ​

/etc/letsencrypt/live/cloudcdm.contentsdigital.us/
├── fullchain.pem        # Certificate + Chain
├── privkey.pem          # Private Key
├── cert.pem             # Certificate only
└── chain.pem            # CA Chain only

Nginx SSL Configuration ​

nginx
server {
    listen 443 ssl;
    server_name cloudcdm.contentsdigital.us;

    ssl_certificate /etc/letsencrypt/live/cloudcdm.contentsdigital.us/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloudcdm.contentsdigital.us/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # ... proxy settings ...
}

Cloudflare SSL Mode ​

Cloudflare SSL āļ„āļ§āļĢāļ•āļąāđ‰āļ‡āđ€āļ›āđ‡āļ™ Full āļŦāļĢāļ·āļ­ Full (strict) āđ€āļžāļ·āđˆāļ­āđƒāļŦāđ‰ Cloudflare āđ€āļŠāļ·āđˆāļ­āļĄāļ•āđˆāļ­āļāļąāļš Origin āļœāđˆāļēāļ™ HTTPS:

  1. āđ€āļ‚āđ‰āļē Cloudflare Dashboard
  2. āđ€āļĨāļ·āļ­āļ domain → SSL/TLS → Overview
  3. āđ€āļĨāļ·āļ­āļ Full (strict)

Nextcloud NAS Documentation